Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Bruteforce attack against smtp-auth

from [mgotts] Network Security [Permanent Link]
Subject: Re: Bruteforce attack against smtp-auth
Date: Wed, 10 Jan 2007 10:14:22 -0800 
this day i've seen that somebody from China had tried to get an smtp
login om a server. This was the first time i've seen something like
this, bruteforce against ssh i've seen often but never against the
mailserver. Now i'm interresed in if there a more people out there with
similar experience an is there an suggestion to deal with this way of 

hacks?

I've not experienced this myself, since we don't use SMTP Auth, but it has 
been going on for years. I did a quick Google search on "smtp auth attack" 
and found lots of relevant hits, including how to secure a Postfix mail 
server against it (http://www.thecabal.org/~devin/postfix/smtp-auth.txt), 
a general description of the problem and some simple countermeasures (
http://www.vamsoft.com/authattack.asp), etc.

I did have to allow smtp relays for a remote office some years ago, and in 
addition to implementing smtp auth I also restricted relaying to 
particular IPs and/or subnets. Not a perfect solution, but it prevents any 
attacks on the smtp auth mechanism from outside those IPs.

-- Mark
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Bruteforce attack against smtp-auth, Philipp Frik
Next by Date:  Re: Bruteforce attack against smtp-auth, Peter Morgan
Previous by Thread:  Bruteforce attack against smtp-auth, Philipp Frik
Next by Thread:  Re: Bruteforce attack against smtp-auth, Peter Morgan
Indexes:  [Date] [Thread] [Top] [All Lists]